CVE-2022-20530

In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2315856...

CVE-2022-20530

In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2315856...

CVE-2022-20530

CVE-2022-20530 affects Android 13, where a vulnerability in the strings.xml resource can bypass a permission and potentially disclose call logs remotely without extra execution privileges. The issue is described as a permission bypass with remote information disclosure and no user interaction req...

PT-2022-10939 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12 Description: The issue concerns a misleading message in the "Clear storage" functionality, potentially leading to local information disclosure without requiring additional execution privileges...

GHSA-R8J4-96MX-RJCC Improper Restriction of XML External Entity Reference in skylot/jadx

skylot/jadx prior to 1.3.2 is vulnerable to Improper Restriction of XML External Entities when a user is tricked into exporting a malicious APK file via the -e option containing a crafted AndroidManifest.xml / strings.xml to gradle, leading to possible local file disclosure...

Reddit: hardcoded api secret & api key in com.reddit.frontpage

hi security team, in file Resources/Resources.arsc/res/values/strings.xml i have found ███ ███ It shouldn't be disclosed to third parties it meant for deveoplers as per https://developer.twitter.com/en/docs/authentication/oauth-2-0/bearer-tokens poc:- curl --user "██████:███" --data...